On Sun, Jun 17, 2018 at 01:37:24PM +0200, Johannes Schindelin wrote: > > If it's just a custom Authorization header, we should be able to support > > it with existing curl versions without _too_ much effort. > > Indeed. Because it is already implemented: > > git -c http.extraheader="Authorization: Bearer ..." ... > > To make this a *little* safer, you can use http.<URL>.extraheader. Yeah, that will work for some cases. A few places it might not: - some people may want to provide this only in response to a 401 - some tokens may need to be refreshed, which would require interacting with a credential helper to do the rest of the oauth conversation - there's no good way to hide your token in secure storage (versus sticking it on the command-line or in a config file). -Peff
